1. COBIT® Background - COBIT® History - COBIT® Version 4.1 - COSO/COBIT® 4.1 Mapping - COBIT® 4.1 Control Practices & Assurance Guide
2. Summary of COBIT® 5 - COBIT® 5 Significant Changes - COBIT® 5 Principles - Meeting Stakeholder Needs - Covering the Enterprise End-to-end - Applying a Single Integrated Framework - Enabling a Holistic Approach - Separating Governance / Management - COBIT® 5 Enabling Processes - Enabling Processes vs. Control Objectives - Goals Cascade - RACI Charts - Inputs and Outputs - Process Capability Model - Mapping COBIT® 4.1 to COBIT® 5
3. International Security Standards, Frameworks - Using COBIT® 5 in conjunction with other standards and frameworks - IIA Global Technology Audit Guides - ISO-27001 – ISMS – Information Security Management System - ISO-27002 – Security Code of Practice - ISO-27005 – Security Risk Management - ITIL - IT Infrastructure Library - Payment Card Industry Data Security Standard - FISMA - FIPS 199, NIST 800-53 - ISACA Auditing Standards
4. Manage Continuity - COBIT® 5 DSS-04 – Manage Continuity - 04.01 - Define the Business Continuity Policy Objectives and Scope - 04.02 - Maintain a Continuity Strategy - 04.03 - Develop and Implement a Business Continuity Response - 04.04 - Exercise, Test and Review the BCP - 04.05 - Review, Maintain and Improve the Continuity Plan - 04.06 - Conduct Continuity Plan Training - 04.07 - Manage Backup Arrangements - 04.08 - Conduct Post-Resumption Review - COBIT® 4.1 - IT Assurance Guide - IIA GTAG – Business Continuity Management - ISO-27002 – Section 14 - Business Continuity Mgt. - NIST 800-53 – Section CP – Contingency Planning
5. Risk Management - Risk Definitions – Threats, Vulnerabilities, Exposures, Safeguards - Risk Analysis - COSO Risk Assessment - COSO Enterprise Risk Management - COBIT® 5 Risk Management - COBIT® 5 - EDM-03 - Ensure Risk Optimization - 03.01 - Evaluate Risk Management - 03.02 - Direct Risk Management - 03.03 - Monitor Risk Management - COBIT® 5 - APO - 12 - Manage Risk - 12.01 - Collect Data - 12.02 - Analyze Risk - 12.03 - Maintain a Risk Profile - 12.04 - Articulate Risk - 12.05 - Define a Risk Management Action Portfolio - 12.06 - Respond to Risk - COBIT® 4.1 - IT Assurance Guide - IIA GTAG – Developing the IT Audit Plan - ISACA - Risk IT Framework - ISO 27001 – ISMS Risk Assessment / Management - ISO-27002 – Section 4 - Risk Assessment - ISO-27005 – Information Security Risk Mgt. - FIPS 199 - Security Risk Categorization - NIST 800-53 – Section RA – Risk Assessment - NIST 800-30 - Risk Management Guide for IT Systems - OCTAVE - Operationally Critical Threat, Asset, and Vulnerability Evaluation - ISACA Standards / Guidelines
6. Security Management - COBIT® 5 Security Management - COBIT® 5 - APO-13 – Manage Security - 13.01 - Establish and Maintain an ISMS - 13.02 - Define and Manage an Information Security Risk Treatment Plan - 13.03 - Monitor and Review the ISMS - COBIT® 5 - DSS-05 - Manage Security Services - 05.01 - Protect Against Malware - 05.02 - Manage Network and Connectivity Security - 05.03 - Manage Endpoint Security - 05.04 - Manage User Identity and Logical Access - 05.05 - Manage Physical Access to IT Assets - 05.06 - Manage Sensitive Documents and Output Devices - 05.07 - Monitor the Infrastructure for Security Related Events - COBIT® 4.1 - IT Assurance Guide - IIA GTAG - ISO 27001 – ISMS Security Management - ISO-27002 – Security Code of Practice - FIPS 199 - Security Risk Categorization - NIST 800-53 – Security Controls - ISACA Standards / Guidelines
7. Assessing IT Governance using COBIT® 5 - IIA Governance Definitions - COSO and Governance - Defining IT Governance - Linking Enterprise and IT Governance - IT Governance Practices - Governance Frameworks, Standards and Guidelines - Using COBIT® 5 to Assess IT Governance - COBIT® 5 - Evaluate, Direct and Monitor (EDM) - EDM - 01 - Ensure Governance Framework Setting and Maintenance - EDM - 02 - Ensure Benefits Delivery - EDM - 03 - Ensure Risk Optimization - EDM - 04 - Ensure Resource Optimization - EDM - 05 - Ensure Stakeholder Transparency
8. COBIT® Related Resources - COBIT® 4.1 - Risk IT Framework - Val IT™ Framework - IT Assurance Framework™ (ITAF™) - Board Briefing on IT Governance - COBIT® 5 Product Family